Hello
Do I need to use private IPs from the LAN side of the OPNsense, or can I use normal IPs like 156.x.x.0/24 so I can protect all the traffic with this range after the (VM OPNsense) from the LAN side?
So can I use public IPs from the LAN side, and how?
Umm... I'm quite unsure about what you mean, but I'm quite sure you can't use any other IP except for the private IP range.
Devices on the LAN side usually take private IPs from the ISC DHCPv4 server. They can't receive non-private IPs. 154 is a public IP, which means it cannot be used as a private IP on the LAN side.
OPNsense is a router and a firewall. Of course you can use whatever IP range suits your use case. In our data centre OPNsense isolates and protects hosting customers, so there are globally routable IP addresses on all the customer (read: "internal") interfaces. Consequently there is no NAT in place.
There is absolutely nothing special about the RFC 1918 IP address range. Every local router will forward these just as well as globally routable addresses wherever the routes point. And nowhere is it written that NAT is necessary or even desirable. NAT sucks, you don't want it. You need to use it until the day when we finally bury IPv4 for good.
It is just a convention among ISPs that these are supposed to be NATed and blocked across backbone/transit links. Well, it's a standard - the named RFC. But technically these are in no way special.
HTH,
Patrick
Quote from: UKSPEED on July 20, 2024, 10:56:57 PM
Hello
Do I need to use private IPs from the LAN side of the OPNsense, or can I use normal IPs like 156.x.x.0/24 so I can protect all the traffic with this range after the (VM OPNsense) from the LAN side?
So can I use public IPs from the LAN side, and how?
What Patrick said, but also, you should use private IPs locally, since if you use a random public address range, this will be used somewhere on the internet, and you will not be able to access that range publicly.
The only difference really is that the private IP ranges are not used in the public internet, and that they will usually be blocked in some way by ISPs (probably null-routing).
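The shadowing effect described in the last reply, as an added example that is not part of the thread: a longest-prefix-match lookup over a two-entry routing table (default route via WAN, connected route for the LAN prefix). The prefix 198.51.100.0/24 is a documentation range used here as a constructed stand-in for a public range assigned to someone else; the interface names, host addresses and function names are hypothetical.

```python
import ipaddress

# The three RFC 1918 blocks, listed explicitly so the check means exactly
# "RFC 1918" and nothing broader.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(prefix):
    """True if the whole prefix lies inside one of the RFC 1918 blocks."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in RFC1918)


def lookup(routes, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def shadowed(lan_prefix, remote_hosts):
    """Remote hosts that the router would send to the LAN instead of the WAN."""
    routes = [("0.0.0.0/0", "WAN"),   # default route towards the ISP
              (lan_prefix, "LAN")]    # connected route for the LAN interface
    return [h for h in remote_hosts if lookup(routes, h) == "LAN"]


if __name__ == "__main__":
    # Constructed sample: two servers "on the internet".
    remote = ["198.51.100.25", "192.0.2.10"]
    for lan in ("198.51.100.0/24", "192.168.1.0/24"):
        print(lan, "RFC1918:", is_rfc1918(lan),
              "unreachable remote hosts:", shadowed(lan, remote))
```

With a range that is actually assigned and routed to you, as in the data centre setup described earlier in the thread, nothing is shadowed because the only hosts in that range are your own.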